Disclosure of Invention
The main purpose of the invention is to provide a network address translation method and device that enable point-to-point communication between any device and a server in a local area network with IP conflicts, are simpler to implement, reduce the processing load of the system, and have higher processing efficiency.
In a first aspect, the present application provides a network address translation method, wherein the method comprises the steps of:
Determining an IP conversion white list based on an IP conversion module deployed between the host and the server;
Intercepting all received ARP packets through the IP conversion module, parsing the ARP packets, and judging whether the IP of the sending end exists in the IP conversion white list;
When the source IP of the ARP packet is confirmed to exist in the IP conversion white list, allocating a NAT IP through the IP conversion module, modifying the source IP of the ARP packet to the NAT IP, and sending the packet to a receiving end for learning;
When the receiving end needs to forward the ARP packet to the sending end, restoring the destination IP of the modified ARP packet to the source IP of the sending end through the IP conversion module and sending the packet to the sending end, thereby completing the network address translation.
With reference to the first aspect, as an optional implementation manner, a NAT mapping table is established to store a mapping relationship between a MAC and an IP of the device after NAT, where the NAT mapping table includes: MAC address, source IP, NAT IP.
With reference to the first aspect, as an optional implementation manner, when the sending and receiving sides of the ARP packet have completed ARP learning and perform IP communication, the IP conversion module replaces the source/destination IP of the IP packet according to the established NAT mapping table, thereby translating the address of the IP packet.
With reference to the first aspect, as an optional implementation manner, when it is determined that the IP of the sender exists in the IP translation white list, a NAT IP is allocated to the IP of the sender by using the IP translation module;
Searching a source MAC of a transmitting end according to the established NAT mapping table to determine whether the source MAC exists in the NAT mapping table item;
When the source MAC is determined to exist in the table entry, reading the NAT IP allocated by the IP conversion module in the table entry, modifying the source IP of the sending end to the allocated NAT IP, and forwarding the packet to a receiving end for learning.
With reference to the first aspect, as an optional implementation manner, when it is determined that the source MAC does not exist in the table entry, the IP conversion module allocates a free NAT IP and creates a mapping table entry, which is stored in the NAT mapping table.
With reference to the first aspect, as an optional implementation manner, when an ARP packet replied by a receiving end to a sending end arrives at the IP conversion module, the IP conversion module queries a NAT mapping table according to a destination MAC of the modified ARP packet, and determines whether the destination MAC exists in the NAT mapping table;
if it exists, the IP conversion module restores the destination IP of the modified ARP packet to the source IP of the transmitting end and then forwards the packet to the transmitting end;
if not, directly forwarding to the transmitting end.
With reference to the first aspect, as an optional implementation manner, an IP conversion white list is established; monitoring a multicast message issued by a server through the IP conversion module; and according to the monitored multicast message, confirming the IP to be converted, and adding the IP to be converted into the IP conversion white list.
With reference to the first aspect, as an optional implementation manner, the parsing the ARP packet includes: hardware type, hardware address length, protocol type, operation type, sender MAC address, sender IP address, destination MAC address, and destination IP address.
With reference to the first aspect, as an optional implementation manner, when no new data packet sent by the host is received within a preset time, the NAT mapping table entry corresponding to the host is cleared, and the allocated NAT IP is reclaimed by the IP conversion module.
In a second aspect, the present application provides a network address translation device, the device comprising:
the monitoring module is used for determining an IP conversion white list based on the IP conversion module deployed between the host and the server;
the judging module is used for intercepting all received ARP packets through the IP conversion module and analyzing the ARP packets to judge whether the IP of the sending end exists in the IP conversion white list or not;
The processing module is used for allocating a NAT (network address translation) IP through the IP conversion module when determining that the source IP exists in the IP conversion white list, modifying the source IP of the ARP packet to the NAT IP, and sending the packet to a receiving end for learning;
And the restoring module is used for restoring the destination IP of the modified ARP packet to the source IP of the transmitting end through the IP conversion module when the receiving end needs to forward the ARP packet to the transmitting end, and sending the packet to the transmitting end so as to complete the network address translation.
The application provides a network address translation method and device, wherein the method comprises the following steps: determining an IP conversion white list based on an IP conversion module deployed between the host and the server; intercepting all received ARP packets through the IP conversion module, parsing the ARP packets, and judging whether the IP of the sending end exists in the IP conversion white list; when the source IP of the ARP packet is confirmed to exist in the IP conversion white list, allocating a NAT IP through the IP conversion module, modifying the source IP of the ARP packet to the NAT IP, and sending the packet to a receiving end for learning; when the receiving end needs to forward the ARP packet to the transmitting end, restoring the destination IP of the modified ARP packet to the source IP of the transmitting end through the IP conversion module and sending the packet to the transmitting end, thereby completing the network address translation. The application enables point-to-point communication between any device and the server in a local area network with IP conflicts, solves the problem that devices with conflicting IPs in the local area network cannot access the network at the same time, reduces the processing load of the system, and improves processing efficiency and communication efficiency.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatus and methods consistent with aspects of the invention as detailed in the accompanying claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The invention can be deployed in software or as separate hardware.
Embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flowchart of a network address translation method provided in the present invention, and as shown in fig. 1, the method includes the steps of:
step S101, based on an IP conversion module deployed between the host and the server, the IP conversion white list is determined.
Specifically, an IP conversion white list is established; the IP conversion module starts multicast message monitoring to monitor the multicast messages issued by the server; and the IP conversion module confirms the IP to be converted according to the monitored multicast message and adds the IP to be converted to the IP conversion white list. In addition, it should be noted that the IP conversion white list may also be determined by manual configuration, by a preset configuration file of the module, and so on. In an actual application scenario, manual configuration of the white list is troublesome, whereas controlling it through multicast messages can improve configuration efficiency.
In an embodiment, the IP conversion module starts multicast message monitoring, and the Server notifies the IP packet processing module, through multicast, of the source IP address to be converted. The IP conversion module adds the source IP address to be converted to the IP conversion white list. The list tells the IP conversion module which IPs need to be converted; that is, it acts as a white list, and IP conversion is performed only for IPs in the list.
In an embodiment, after determining the IP translation white list, a NAT mapping table is established to store a mapping relationship between the MAC and the IP of the device after NAT, where the NAT mapping table includes: MAC address, source IP, NAT IP.
It can be understood that this patent requires deploying an IP conversion module between the Host and the Server. The module performs special processing on the messages between the Host and the Server to implement point-to-point communication between the Server and any Host. It should be noted that either the Host or the Server may act as the transmitting end or the receiving end.
MAC: the hardware address of a network card in a local area network, also referred to as the physical address or MAC address.
NAT (Network Address Translation), referred to as IP address translation.
NAT equipment: devices for IP address translation in a network are typically installed between an internal network and an external network.
ARP: the address resolution protocol, ARP (Address Resolution Protocol), is a TCP/IP protocol that obtains a physical address from an IP address.
IP address collision: meaning that in the same local area network, two users use the same IP address at the same time.
Step S102, intercepting all received ARP packets by the IP conversion module and analyzing the ARP packets to judge whether the IP of the sending end exists in the IP conversion white list.
Specifically, the IP conversion white list is queried according to the IP of the sending end. When an IP matching the sending end exists in the IP conversion white list, the IP of the sending end is judged to exist in the IP conversion white list; when the IP conversion white list does not contain an IP matching the sending end, the IP of the sending end is judged not to exist in the IP conversion white list. Parsing the packet comprises determining the hardware type, protocol type, hardware address length, protocol length, sender MAC address, sender IP address, destination MAC address and destination IP address.
For example, assume that the Host sends a message to the Server. Before the message arrives at the Server, it is received by the IP conversion module, which looks up the sender IP of the received message to determine whether it is in the white list.
It can be understood that the IP conversion module intercepts all passing packets and parses and processes the packet structure, so that devices with and without IP conflicts can learn ARP information normally. The processing consists of translating the network address. The principle by which the IP conversion module resolves IP conflicts can be understood as follows: the packets to be processed are filtered using the IP conversion white list; the conflicting IPs are NAT-mapped based on the MAC address; and, through NAT translation of the source and destination addresses of IP packets, the IP conflict is masked on the IP conversion module side. Devices in the local area network can thus communicate with the peer through a NAT IP while keeping their own IP unchanged, so the IP conflict is resolved without manually configuring the devices.
Step S103, when the source IP of the ARP packet is determined to exist in the IP conversion white list, a NAT IP is allocated through the IP conversion module, and the source IP of the ARP packet is modified to the NAT IP and sent to a receiving end for learning.
Specifically, when the IP conversion module determines that the IP of the sending end exists in the white list, the IP conversion module is utilized to allocate an NAT IP for the IP of the sending end, and a source MAC of the sending end is searched according to the established NAT mapping table so as to determine whether the source MAC exists in the NAT mapping table item; when the source MAC is determined to exist in the table entry, reading the NAT IP distributed by the IP conversion module in the table entry, modifying the source IP of the sending end into the distributed NAT IP, and forwarding the modified NAT IP to the receiving end for learning.
And when the source MAC is determined to not exist in the table entry, the IP conversion module allocates an idle NAT IP, and creates a mapping table entry to be stored in a NAT mapping table.
For example, when the message is an ARP Request and the source IP address exists in the IP conversion white list, the IP conversion module searches the NAT mapping table according to the source MAC in the ARP Request packet. If no table entry is found, the conversion module allocates an idle NAT IP, creates a mapping table entry (source MAC, source IP, NAT IP) and stores it in the NAT mapping table; if the table entry is found, it reads the NAT IP in the table entry. It then modifies the source IP address of the ARP packet to the NAT IP and forwards the modified ARP packet. When a host in the LAN receives the modified ARP Request, the source IP has been modified and no longer conflicts with its own, so it learns an ARP entry whose IP is the NAT IP and sends an ARP Reply message to the NAT IP.
Optionally, all the passing ARP packets are intercepted on the conversion module, the ARP packet structure is analyzed and processed, and the processing purpose is that the equipment with and without IP conflict can normally learn ARP information, and the processing mode is as follows:
ARP Request message processing: query the IP conversion white list according to the sender IP address and judge whether the sender IP is in the white list. If not, forward the packet; if so, search the NAT mapping table for the mapped table entry according to the sender MAC. If the table entry does not exist, allocate an idle NAT IP from the NAT address pool, create a mapping table entry and insert it into the NAT mapping table. Modify the sender IP address of the ARP packet to the NAT IP in the table entry. If the address pool is full, the packet is discarded.
It can be understood that, assuming three devices A, B and C correspond to MAC1, MAC2 and MAC3 respectively, all three have the same IP (called IP0), and that IP is the same as an IP in the white list, the IP conversion module assigns the NAT IPs IP1, IP2 and IP3 to A, B and C respectively. At this time the NAT mapping table contains three entries: A: MAC1, IP0, IP1; B: MAC2, IP0, IP2; C: MAC3, IP0, IP3. That is, the first column of the NAT mapping table is the MAC, the second column is the original IP, and the third column is the NAT IP. The NAT IP may be allocated randomly or sequentially, for example, from large to small (192.168.1.1 to 192.168.1.64).
For ease of understanding, take a concrete example: assume that the IP in the white list is 192.168.1.1 and the IP address of the packet received by the IP conversion module is 192.168.1.1. The IP conversion module allocates 192.168.1.12 according to the MAC address corresponding to the packet, and the NAT mapping table then holds an entry consisting of the MAC (source MAC address), 192.168.1.1 (source IP) and 192.168.1.12 (NAT IP); that is, the NAT mapping table is dynamic. Whether 192.168.1.12 exists is likewise checked in the mapping table by MAC address.
Step S104, when the receiving end needs to forward the ARP packet to the sending end, the destination IP of the modified ARP packet is restored to the source IP of the sending end through the IP conversion module and sent to the sending end so as to complete network address conversion.
Specifically, when an ARP packet replied by the receiving end to the sending end arrives at the IP conversion module, the IP conversion module queries the NAT mapping table according to the destination MAC of the modified ARP packet and determines whether the destination MAC exists in the NAT mapping table; if it exists, the IP conversion module restores the destination IP of the modified ARP packet to the source IP of the transmitting end and then forwards the packet to the transmitting end; if not, the packet is forwarded directly to the transmitting end.
It can be understood that when the ARP packet received by the IP conversion module is an ARP Reply, the module needs to search the NAT mapping table according to the source MAC of the ARP packet and restore the destination IP of the ARP packet to the original IP of the Host. At this point, from the point of view of the ARP Request sender, the source IP of the Reply packet does not conflict with its own IP and the destination IP is its own, so it can also learn the ARP information normally.
Optionally, ARP Reply message processing: the sender IP is modified in the same way as for the ARP Request, but the target IP needs additional processing. The NAT mapping table is queried according to the target MAC; if the table entry exists, the target IP of the ARP packet is restored to the original IP in the table entry (namely, the device's own IP) and the packet is then forwarded; if the table entry does not exist, the packet is forwarded directly.
In one embodiment, when the sender and the receiver of the ARP packet have completed ARP learning and perform IP communication, the IP conversion module replaces the source/destination IP of the IP packet according to the established NAT mapping table, so as to translate the address of the IP packet. It can be understood that when the IP packet sent by the Host arrives at the IP conversion module, the conversion module parses the packet, searches the NAT mapping table by the packet's source MAC, reads the NAT IP in the table entry, and modifies the destination IP to the NAT IP.
When the message data packet replied to the Host arrives at the conversion module, the conversion module searches the NAT mapping table through the destination MAC of the data packet, reads the original IP (the IP before the equipment NAT) in the table entry, and restores the destination IP to the IP before the Host NAT.
In an embodiment, when no new data packet sent by the host is received within a preset time, the NAT mapping table entry corresponding to the host is cleared, and the allocated NAT IP is reclaimed by the IP conversion module. It can be understood that the Host does not perceive the mapping process at all, and the local IP of the Host always remains unchanged, so the aging of table entries cannot be controlled by a DHCP-like lease. Aging is instead implemented by a timer on the conversion module: when time t has passed since the last packet was received from the Host and no new data packet has been received, the NAT mapping table entry corresponding to that Host is cleared, and the assigned NAT IP is reclaimed by the conversion module.
It can be understood that the principle of the IP conversion module in the present application is to implement conversion of the IP address of the data packet based on the MAC address and the conversion rule, where the actual IP address of the Host and the Server remain unchanged, but in the packet received by the Server, the Host is mapped into different IPs through the IP conversion module, so that the problem of IP collision is solved, and the Server can normally communicate with any Host without mutual influence.
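The ARP Request/Reply handling of steps S103 and S104, together with the timer-based aging described above, can be sketched as follows. This is an added example, not code from the patent; the class and function names and the sample addresses are assumptions, as is the choice to drop truncated packets and forward ARP that is not Ethernet/IPv4 unchanged.

```python
import socket
import struct
from dataclasses import dataclass

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28 bytes
ARP_REQUEST, ARP_REPLY = 1, 2

def ip(text):                               # dotted quad -> 4 bytes
    return socket.inet_aton(text)

def mac(text):                              # "aa:bb:.." -> 6 bytes
    return bytes.fromhex(text.replace(":", ""))

def build_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

def arp_ips(pkt):
    """Return (sender IP, target IP) of an ARP payload as dotted strings."""
    fields = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    return socket.inet_ntoa(fields[6]), socket.inet_ntoa(fields[8])

@dataclass
class Entry:                                # one row of the NAT mapping table
    orig_ip: bytes
    nat_ip: bytes
    last_seen: float

class ArpTranslator:
    def __init__(self, whitelist, pool, ttl):
        self.whitelist = {ip(a) for a in whitelist}
        self.free = [ip(a) for a in pool]   # idle NAT IPs, handed out in order
        self.ttl = ttl                      # aging time t, in seconds
        self.table = {}                     # MAC -> Entry

    def expire(self, now):
        """Clear entries whose host has been silent for longer than ttl."""
        for m, entry in list(self.table.items()):
            if now - entry.last_seen > self.ttl:
                self.free.append(entry.nat_ip)      # reclaim the NAT IP
                del self.table[m]

    def handle_arp(self, pkt, now):
        """Return the ARP payload to forward, or None if it is discarded."""
        self.expire(now)
        if len(pkt) < ARP_LEN:
            return None                     # truncated: drop (assumption)
        htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
            ARP_FMT, pkt[:ARP_LEN])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or \
                oper not in (ARP_REQUEST, ARP_REPLY):
            return pkt                      # not Ethernet/IPv4 ARP: untouched
        # Sender side (Request and Reply): whitelist check, then lookup by MAC.
        if spa in self.whitelist:
            entry = self.table.get(sha)
            if entry is None:
                if not self.free:
                    return None             # address pool exhausted: discard
                entry = self.table[sha] = Entry(spa, self.free.pop(0), now)
            entry.last_seen = now
            spa = entry.nat_ip
        # Target side (Reply only): restore the original IP by target MAC.
        if oper == ARP_REPLY and tha in self.table:
            tpa = self.table[tha].orig_ip
        return build_arp(oper, sha, spa, tha, tpa) + pkt[ARP_LEN:]

if __name__ == "__main__":
    # Constructed sample: two hosts share 192.168.1.1 and query the server.
    nat = ArpTranslator(["192.168.1.1"], ["192.168.1.11", "192.168.1.12"], 60)
    for host in ("02:00:00:00:00:0a", "02:00:00:00:00:0b"):
        req = build_arp(ARP_REQUEST, mac(host), ip("192.168.1.1"),
                        bytes(6), ip("192.168.1.100"))
        print(host, arp_ips(nat.handle_arp(req, now=0)))
```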
Referring to fig. 2, fig. 2 is a schematic diagram of a network address translation device according to the present invention, where, as shown in fig. 2, the device includes:
A listening module 201 for determining an IP conversion whitelist based on an IP conversion module deployed between the host and the server;
The judging module 202 is configured to intercept all received ARP packets and parse the ARP packets by using the IP conversion module, and judge whether the IP of the sending end exists in the IP conversion whitelist;
a processing module 203, configured to allocate NAT IP through the IP conversion module when it is determined that the source IP of the ARP packet exists in the IP conversion whitelist, and modify the source IP of the ARP packet to NAT IP, and send the NAT IP to a receiving end for learning;
And the restoring module 204 is configured to restore, when the receiving end needs to forward the ARP packet to the sending end, the destination IP of the modified ARP packet to the source IP of the sending end through the IP conversion module, and send the packet to the sending end, so as to complete the network address translation.
Further, in one possible implementation manner, the processing module is further configured to establish a NAT mapping table to store a mapping relationship between a MAC and an IP of the device after NAT, where the NAT mapping table includes: MAC address, source IP, NAT IP.
Further, in one possible implementation manner, the processing module is further configured to, when the sending and receiving sides of the ARP packet have completed ARP learning and perform IP communication, replace the source/destination IP of the IP packet through the IP conversion module according to the established NAT mapping table, so as to translate the address of the IP packet.
Further, in a possible implementation manner, the processing module is further configured to allocate a NAT IP to the IP of the sender by using the IP conversion module when it is determined that the IP of the sender exists in the IP conversion white list;
Searching a source MAC of a transmitting end according to the established NAT mapping table to determine whether the source MAC exists in the NAT mapping table item;
When the source MAC is determined to exist in the table entry, reading the NAT IP allocated by the IP conversion module in the table entry, modifying the source IP of the sending end to the allocated NAT IP, and forwarding the packet to a receiving end for learning.
Further, in a possible implementation manner, the processing module is further configured to, when it is determined that the source MAC does not exist in the table entry, allocate a free NAT IP and create a mapping table entry, which is stored in the NAT mapping table.
Further, in one possible implementation manner, the restoration module is further configured to, when the ARP packet replied to the sender by the receiver arrives at the IP conversion module, query a NAT mapping table according to the destination MAC of the modified ARP packet, and determine whether the destination MAC exists in the NAT mapping table;
if it exists, the IP conversion module restores the destination IP of the modified ARP packet to the source IP of the transmitting end and then forwards the packet to the transmitting end;
if not, directly forwarding to the transmitting end.
Further, in one possible implementation manner, the monitoring module is further configured to establish an IP conversion white list;
monitoring a multicast message issued by a server through the IP conversion module;
And according to the monitored multicast message, confirming the IP to be converted, and adding the IP to be converted into the IP conversion white list.
Further, in a possible implementation manner, the judging module is further configured to query the IP conversion white list according to an IP of a sender, and judge that the IP of the sender exists in the IP conversion white list when an IP matched with the sender exists in the IP conversion white list;
And when the IP conversion white list does not contain an IP matching the sending end, judging that the IP of the sending end does not exist in the IP conversion white list.
Further, in one possible implementation manner, the processing module is further configured to clear the NAT mapping table entry corresponding to the host when no new data packet sent by the host is received within a preset time, and to reclaim the NAT IP allocated to it through the IP conversion module.
Referring to fig. 3, fig. 3 is a schematic diagram of network address translation provided in the present invention, as shown in fig. 3:
an IP conversion module is deployed between the host and the server, the IP conversion module determines an IP white list to be converted, when the host HostA sends a request to the server through the IP conversion module, the module judges whether the IP is the same as the IP in the white list according to the source IP of the host A, if the IP is the same as the IP in the white list, an NAT IP is allocated to the host A, and a mapping relation exists between the allocated NAT IP and the source MAC address of the host A, namely, the allocated NAT IP can be searched through the source MAC address of the host A, and the allocated NAT IP is stored in an NAT mapping table, wherein the NAT mapping table comprises the source MAC address of the host A, the source IP and the allocated IP, namely, the NAT IP.
The IP conversion module searches the NAT mapping table according to the source MAC of the request sent by host A. If no table entry is found, the conversion module allocates an idle NAT IP, creates a mapping table entry (source MAC, source IP, NAT IP) and stores it in the NAT mapping table; if the table entry is found, it reads the NAT IP in the table entry. That is, after the corresponding NAT IP has been found by the source MAC of the request, the module modifies the source IP address of the request to the NAT IP and sends the modified request to the Server.
When the server needs to return a response to the Host, the response passes through the IP conversion module. The IP conversion module then searches the NAT mapping table by the destination MAC, reads the original IP (the IP before the device's NAT) in the table entry, and restores the destination IP to the Host's IP before NAT.
It will be appreciated that, from HostA to the Server, the source IP 192.168.1.1 of HostA is modified to 192.168.1.2 by the IP conversion module, and from the Server to HostA, the destination IP is modified to 192.168.1.1 by the IP conversion module. In addition, HostB is processed in the same way as HostA, which will not be described in detail.
Referring to fig. 4, fig. 4 is a flowchart of ARP packet processing according to the present invention, as shown in fig. 4:
Specifically, when the message is an ARP Request and the source IP address exists in the IP conversion white list, the IP conversion module searches the NAT mapping table according to the source MAC in the ARP Request packet. If no table entry is found, the conversion module allocates an idle NAT IP, creates a mapping table entry (source MAC, source IP, NAT IP) and stores it in the NAT mapping table; if the table entry is found, it reads the NAT IP in the table entry. It then modifies the source IP address of the ARP packet to the NAT IP and forwards the modified ARP packet. When the ARP packet received by the IP conversion module is an ARP Reply, the NAT mapping table is searched according to the source MAC, the source IP is modified to the NAT IP in the table entry, and the destination IP of the ARP packet is restored to the original IP of the Host. At this point, from the point of view of the ARP Request sender, the source IP of the Reply packet does not conflict with its own IP and the destination IP is its own, so ARP can be learned normally.
Optionally, ARP Request message processing: query the IP conversion white list according to the sender IP address and judge whether the sender IP is in the white list. If not, forward the packet; if so, search the NAT mapping table for the mapped table entry according to the sender MAC. If the table entry does not exist, allocate an idle NAT IP from the NAT address pool, create a mapping table entry and insert it into the NAT mapping table. Modify the sender IP address of the ARP packet to the NAT IP in the table entry. If the address pool is full, the packet is discarded.
ARP Reply message processing: the sender IP is modified in the same way as for the ARP Request, but the target IP needs additional processing. The NAT mapping table is queried according to the target MAC; if the table entry exists, the target IP of the ARP packet is restored to the original IP in the table entry (namely, the device's own IP) and the packet is then forwarded; if the table entry does not exist, the packet is forwarded directly.
Referring to fig. 5, fig. 5 is a flow chart of IP packet processing provided in the present invention, as shown in fig. 5:
All passing IP data packets are intercepted on the conversion module and the IP packet structure is parsed. Take any device A (Host or Server) connected to the IP conversion module as an example. When device A wants to communicate with another device B in the local area network, the source address of the IP packet sent by device A is its own real address, the destination address is the IP address of device B, and the source MAC and destination MAC are both real MACs. After intercepting the data packet, the IP conversion module processes the source IP and the destination IP of the IP packet as follows:
(1) Preprocessing: query the IP mapping white list according to the source IP. If the source IP is not in the list, forward the packet directly without replacement; if it is in the white list, proceed to the source IP replacement step.
(2) Source IP replacement: query the NAT mapping table according to the source MAC. If the table entry does not exist, proceed to the destination IP replacement step; if the table entry exists, modify the source IP of the data packet to the NAT IP in the table entry and then proceed to the destination IP replacement step.
(3) Destination IP replacement: query the NAT mapping table according to the destination MAC. If the table entry exists, modify the destination IP to the original IP in the table entry; if the table entry does not exist (the destination device's IP is not in the white list and does not need to be mapped), keep the destination IP unchanged.
(4) Modifying the checksum: when either the source IP or the destination IP has been changed, the checksum of the data packet needs to be recalculated for protocols such as TCP/UDP, and does not need to be recalculated for protocols such as ICMP. When device B receives the processed message and responds, the processing procedure is the same as above.
In addition, it should be noted that, when the sender and the receiver of the ARP packet complete ARP learning and perform IP communication, the IP conversion module performs, according to the established NAT mapping table, replacement of the source/destination IP of the IP packet, so as to convert the address of the IP packet. It will be appreciated that the translation of the IP packets is based on NAT mapping tables.
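Steps (1) to (4) above, applied to an Ethernet frame carrying IPv4, as an added example that is not part of the original text. Function names and sample addresses are assumptions, as are three choices the text leaves open: the white list check gates only the source replacement so that replies from a non-whitelisted Server still have their destination restored, the IPv4 header checksum (which also covers the addresses) is recomputed along with TCP/UDP, and fragmented packets keep their TCP/UDP checksum untouched.

```python
import socket
import struct

ip4 = socket.inet_aton                      # dotted quad -> 4 bytes
L4_CSUM_OFFSET = {6: 16, 17: 6}             # checksum offset in TCP / UDP header

def csum(data):
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def l4_csum(src, dst, proto, segment):
    """TCP/UDP checksum: pseudo-header (src, dst, proto, length) + segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    return csum(pseudo + segment)

def translate_frame(frame, whitelist, nat_table):
    """whitelist: set of packed IPs; nat_table: MAC -> (original IP, NAT IP)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame                        # not IPv4: forward untouched
    dst_mac, src_mac = frame[0:6], frame[6:12]
    pkt = bytearray(frame[14:])
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        return frame                        # malformed header: leave as is
    src, dst, proto = bytes(pkt[12:16]), bytes(pkt[16:20]), pkt[9]
    new_src, new_dst = src, dst
    # (1) + (2): whitelisted source with a table entry gets its NAT IP.
    if src in whitelist and src_mac in nat_table:
        new_src = nat_table[src_mac][1]
    # (3): destination MAC with a table entry gets its original IP back.
    if dst_mac in nat_table:
        new_dst = nat_table[dst_mac][0]
    if (new_src, new_dst) == (src, dst):
        return frame
    pkt[12:16], pkt[16:20] = new_src, new_dst
    # (4): checksums. IPv4 header first, then TCP/UDP; ICMP needs nothing.
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", csum(bytes(pkt[:ihl])))
    off = L4_CSUM_OFFSET.get(proto)
    fragmented = struct.unpack("!H", pkt[6:8])[0] & 0x3FFF   # MF bit + offset
    if off is not None and not fragmented and total_len >= ihl + off + 2:
        seg = bytearray(pkt[ihl:total_len])
        unused = proto == 17 and seg[off:off + 2] == b"\x00\x00"
        if not unused:                      # UDP checksum 0 means "not used"
            seg[off:off + 2] = b"\x00\x00"
            value = l4_csum(new_src, new_dst, proto, bytes(seg))
            if proto == 17 and value == 0:
                value = 0xFFFF              # UDP never transmits a computed 0
            pkt[ihl + off:ihl + off + 2] = struct.pack("!H", value)
    return frame[:14] + bytes(pkt)

def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, payload):
    """Constructed test traffic: Ethernet + IPv4 + UDP with valid checksums."""
    udp = struct.pack("!HHHH", 40000, 9000, 8 + len(payload), 0) + payload
    value = l4_csum(src_ip, dst_ip, 17, udp) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", value) + udp[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                      0, src_ip, dst_ip)
    hdr = hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + udp

def frame_ips(frame):
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def checksums_valid(frame):
    """True if both the IPv4 header and the UDP/TCP checksum verify."""
    pkt = frame[14:]
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    return csum(pkt[:ihl]) == 0 and \
        l4_csum(pkt[12:16], pkt[16:20], pkt[9], seg) == 0

if __name__ == "__main__":
    host, server = bytes.fromhex("02000000000a"), bytes.fromhex("020000000064")
    table = {host: (ip4("192.168.1.1"), ip4("192.168.1.11"))}
    out = build_udp_frame(host, server, ip4("192.168.1.1"),
                          ip4("192.168.1.100"), b"hello")
    sent = translate_frame(out, {ip4("192.168.1.1")}, table)
    print(frame_ips(sent), checksums_valid(sent))
```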
Referring to fig. 6, fig. 6 is a schematic diagram of data interaction provided by the present invention, as shown in fig. 6:
When HostA and HostB of the same IP communicate with the Server, IP information in the ARP message is intercepted by the IP conversion module, is replaced by NAT and then is forwarded, and information of the equipment MAC and the mapping IP is recorded in the NAT mapping table.
After ARP learning is completed, when HostA and HostB perform IP communication with the Server, the IP in the IP data packet is replaced or restored according to the NAT mapping table.
It can be understood that, when the message is an ARP Request and the source IP address exists in the IP conversion white list, the IP conversion module searches the NAT mapping table according to the source MAC in the ARP Request packet. If no table entry is found, the conversion module allocates an idle NAT IP, creates a mapping table entry (source MAC, source IP, NAT IP) and stores it in the NAT mapping table; if the table entry is found, it reads the NAT IP in the table entry. It then modifies the source IP address of the ARP packet to the NAT IP and forwards the modified ARP packet. When a host in the LAN receives the modified ARP Request, the source IP has been modified and no longer conflicts with its own, so it learns an ARP entry whose IP is the NAT IP and sends an ARP Reply message to the NAT IP.
When the ARP packet received by the IP conversion module is an ARP Reply, the NAT mapping table is searched according to the source MAC and the destination IP of the ARP packet is restored to the original IP of the Host. At this point, from the point of view of the ARP Request sender, the source IP of the returned packet does not conflict with its own IP and the destination IP is its own, so ARP can be learned normally.
Based on the NAT mapping table, when an IP data packet sent by the Host reaches the IP conversion module, the conversion module parses the data packet, searches the NAT mapping table by the packet's source MAC, reads the NAT IP in the table entry, and modifies the destination IP to the NAT IP.
When the data packet replied to the Host arrives at the conversion module, the conversion module searches the NAT mapping table by the destination MAC of the data packet, reads the source IP (the IP before the device's NAT) in the table entry, and restores the destination IP to the Host's IP before NAT.
The foregoing is only a specific embodiment of the application to enable those skilled in the art to understand or practice the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.